Part I of our 2021 Security Walkthrough shows the initial 5 posts of our top 10. 6 – Vulnerable Plugin Exploited in Spam Redirect Campaign It was brought to our malware research team’s attention that a vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. The type of vulnerability found is known as […]
Tag Archives: Website Security
A Walk Through a Year of Website Security: Part I
Over the last year, Sucuri has provided a wide array of posts regarding how sites are infected, the types of attacks we’ve discovered, how to detect them, and how to prevent future infections with certain methods and tools. In this article we’ll discuss our top 10 posts involving website security, and what site […]
Most Interesting Vulnerabilities of 2021
As with most years, there’s been a wide array of critical vulnerabilities found within content management systems, plugins, API keys, etc. We’ll be recapping our discoveries and how these vulnerabilities were exploited, or potentially could have been. Adobe Patches Critical Magento Vulnerabilities This past year, Adobe released several critical security patches for both their commercial […]
How to Add SSL & Move WordPress from HTTP to HTTPS
Making sure your website uses HTTPS should be a top priority for any webmaster. In fact, recent statistics show that over 42% of site administrators across the web use WordPress, and many of these sites still don’t have an SSL certificate installed. The Importance of SSL For the past several years, SSL has become increasingly […]
Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites
Security Risk: High; Exploitation Level: Easy; CVSS Score: 9.9 / 7.7; Vulnerability: Privilege Escalation, SQL Injection; Patched Version: 4.1.5.3. Last week, Automattic security researcher Marc Montpas discovered two severe security vulnerabilities within one of the most popular SEO plugins used by WordPress website owners: All in One SEO. The plugin is used by […]
How to Find and Fix a WordPress Pharma Hack
Did you know that one quarter of all spam emails are attributed to pharmaceutical ads? Pharma hacks go beyond the inbox and spam websites by redirecting traffic and adding fake keywords and subdomains to the search results. Why, and how did the medical world get tangled up in spam emails, SEO spam, redirects, and website […]
Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants
A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the web. Originally found on the popular game Minecraft, it has since been shown to affect most web servers running Apache along with its ubiquitous logging […]
How Malware Gets On Your Website
Almost since the Internet’s inception, malware infections have kept pace to be the biggest nuisance a site owner experiences. With an ever-growing number of sites making up the World Wide Web, malware infections only become more common. In this article we’ll discuss what malware is, the various types we’ve come across, the methods used […]
E-commerce Website Security Strategy for Holiday Shopping Season
As shopping season approaches once again, we’d like to give you some helpful advice when it comes to managing an e-commerce site, and how to avoid being the target of an attack. Due to the pandemic, more people are spending their time shopping for gifts online than ever before. Global e-commerce sales are projected to […]
PHP Re-Infectors – The Malware that Keeps On Giving
We all know why bad actors infect sites: monetary gain, boosts in SEO ratings for their malware or spam campaigns and a number of other reasons explained in our post on hacker’s motivations. It defeats the purpose of the attack if the malware is easily and quickly removed. Attackers have developed some methods for protecting […]